A Note on User Experience - SSO Login

Last updated: March 4, 2026

Single Sign-On (SSO) using SAML simplifies identity authentication by allowing users to access GoodTime through their organization’s identity provider (IdP), such as Okta, Azure AD, or similar systems. When SSO is enabled, users can authenticate using their corporate credentials and access GoodTime directly from their SSO portal or tile without needing to log in to GoodTime via Google or O365 OAuth.

However, it is important to note that calendar access is governed by a separate authorization model that uses OAuth with the user’s calendar provider, typically Google Workspace or Microsoft O365. OAuth authorization is required so that GoodTime can securely read and write scheduling data on behalf of the user. This permission allows the platform to check availability, schedule interviews, update calendar events, and manage scheduling workflows.

Because identity authentication (SAML) and calendar authorization (OAuth) serve different security functions, enabling SSO does not eliminate the need for calendar permission verification. SSO confirms the user’s identity, while OAuth grants explicit permission for GoodTime to interact with the user’s calendar.

As a result, GoodTime users who log in through SSO may still occasionally see a Google or Microsoft authorization prompt requesting calendar permissions. The frequency of these prompts depends on the organization’s internal OAuth security policies and token lifetimes configured within Google Workspace or Microsoft 365. In environments with stricter security settings, users may be asked to reauthorize calendar access more frequently.

In practice, SSO replaces the identity verification step and allows seamless access to GoodTime through the organization’s authentication system, while OAuth ensures that calendar permissions remain securely authorized according to the policies defined by the customer’s identity and calendar administrators.

This separation of identity authentication and calendar authorization reflects standard enterprise security practices and ensures that GoodTime can deliver automated scheduling capabilities while maintaining secure, user-approved access to calendar data.